Lucene search
K

592 matches found

CVE
CVE
added yesterday4 views

CVE-2026-50453

Out-of-bounds read in Windows USB Audio Class driver usbaudio.sys allows an unauthorized attacker to disclose information with a physical attack...

6.1CVSS6.1AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/07/01 9:0 a.m.8 views

kernel: ALSA: usb-audio: Add sanity check for OOB writes at silencing

A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture USB audio subsystem. An inconsistency in how USB audio playback and capture streams are handled can lead to an out-of-bounds write to a memory buffer. This can result in a system crash, causing a denial of service for a...

7.8CVSS5.8AI score0.00123EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/06/26 2:14 a.m.7 views

SUSE CVE-2026-52963

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI endpoint descriptor scans sndusbmidigetmsinfo validates the internal MIDIStreaming endpoint descriptor size before using baAssocJackID, but the descriptor walker can still return a class-specific...

5.8AI score0.00184EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/26 2:14 a.m.8 views

SUSE CVE-2026-52964

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans The USB MIDI 2.0 endpoint parser has the same descriptor walking pattern as the legacy MIDI parser. It validates bLength against bNumGrpTrmBlock before reading...

5.8AI score0.00175EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 12:3 p.m.3 views

RLSA-2026:27789 Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: can: isotp: fix tx.buf use-after-free in isotpsendmsg CVE-2026-31474 kernel: mptcp: fix slab-use-after-free in inetlookupestablished CVE-2026-31669 kernel: xen/privcmd: fix double free vi...

7.8CVSS6.8AI score0.004EPSS
Exploits11References18
BDU FSTEC
BDU FSTEC
added 2026/06/25 12:0 a.m.3 views

The vulnerability of the `snd_usb_create_streams()` function in Linux operating system USB audio drivers allows a hacker to cause a service failure.

The vulnerability of the sndusbcreatestreams function in the Linux operating system’s USB audio driver is related to pointer arithmetic errors. Exploiting this vulnerability could allow an attacker to cause a service failure...

5.5CVSS5.8AI score0.00171EPSS
Exploits0References15Affected Software4
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-52963

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ALSA: usb-audio: Bound MIDI endpoint descriptor scans sndusbmidigetmsinfo validates the internal MIDIStreaming endpoint descriptor size before using...

5.5CVSS6AI score0.00184EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 6:32 p.m.5 views

EUVD-2026-38831

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI endpoint descriptor scans sndusbmidigetmsinfo validates the internal MIDIStreaming endpoint descriptor size before using baAssocJackID, but the descriptor walker can still return a class-specific...

5.7AI score0.00184EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:28 p.m.4 views

CVE-2026-52964

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans The USB MIDI 2.0 endpoint parser has the same descriptor walking pattern as the legacy MIDI parser. It validates bLength against bNumGrpTrmBlock before reading...

5.7AI score0.00175EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/06/24 4:28 p.m.12 views

CVE-2026-52963

CVE-2026-52963 affects the Linux kernel ALSA usb-audio code path, specifically the MIDI endpoint handling in snd_usbmidi_get_ms_info. The vulnerability arises when the descriptor walker returns a class-specific MIDI endpoint with bLength larger than the remaining bytes in the endpoint-extra scan,...

5.5CVSS5.7AI score0.00184EPSS
Exploits0References8Affected Software1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fixed potential overflow of PCM transfer buffer The PCM stream data in the USB-audio driver is transferred via USB URB packet buffers, and the size of each packet is determined dynamically. The packet sizes are...

6AI score0.00222EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.3 views

Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fixed a NULL pointer dereference in sndusbmixercontrolsbadd In sndusbcreatestreams, for UAC version 3 devices, the Interface Association Descriptor IAD is retrieved via usbifnumtoif. If this call fails, a fallbac...

5.9AI score0.00171EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Added a sanity check for OOB writes during silencing. During silencing, the playback URB packets are processed in the implicit fb mode before actual playback. We assume blindly that the received packets fit withi...

7.8CVSS5.9AI score0.00123EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.10 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fixed a use-after-free in sndusbmixerfree When sndusbcreatemixer fails, sndusbmixerfree frees mixer-idelems, but the controls that were previously added to the card still reference the freed memory. Later, when...

7.8CVSS6AI score0.00135EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 12:0 p.m.4 views

RLSA-2026:27353 Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service CVE-2026-31419 kernel: drm/amd/display: Do not skip unrelated mode changes in DSC validation CVE-2026-31488 kerne...

7.8CVSS5.9AI score0.00353EPSS
Exploits11References9
Rockylinux
Rockylinux
added 2026/06/24 12:0 p.m.34 views

kernel security, bug fix, and enhancement update

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...

9.8CVSS6.4AI score0.00353EPSS
Exploits11
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-51857

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ALSA usb-audio component where the snd usbmidi get ms info function fails to properly bound MIDI endpoint descriptor scans. While the function validates the intern...

5.9AI score0.00184EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51858

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The USB MIDI 2.0 endpoint parser in the ALSA usb-audio component fails to validate bLength against the remaining bytes in the endpoint-extra scan before reading baAssoGrpTrmBlkID. This...

6AI score0.00175EPSS
Exploits0References14
OSV
OSV
added 2026/06/22 12:0 a.m.10 views

ALSA-2026:27789 Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: can: isotp: fix tx.buf use-after-free in isotpsendmsg CVE-2026-31474 kernel: mptcp: fix slab-use-after-free in inetlookupestablished CVE-2026-31669 kernel: xen/privcmd: fix double free vi...

9.8CVSS6.8AI score0.004EPSS
Exploits11References36
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.31 views

RockyLinux 8 : kernel-rt (RLSA-2026:27354)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:27354 advisory. kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service CVE-2026-31419 kernel: drm/amd/display: Do not skip unrelated mode...

9.8CVSS6.8AI score0.00353EPSS
Exploits11References17
Rows per page
Query Builder